Last visited

About SAS_Dave

Profile Information

A complete scan will scan all of the files on the PC, regardless of the user logged in. However, user-specific registry entries and some Internet Explorer cookies are only scanned for the user that initiated the scan.
Quick and Critical point scans target specific folders, some of which are user-specific, so those scans won't be as multi-user-friendly as a complete scan.

When you "SUPERDelete" a file, it adds that file to a list (the list you are seeing of all files you've "SUPERDeleted") and then SAS will take every possible measure to delete the file.
The list of files you are seeing will be re-deleted when you reboot your PC. This is in part due to some files being unable to be deleted until a reboot, but it's also a handy feature if something keeps re-creating a file you don't want - SUPERDelete will keep deleting it for you until you clear it from the SUPERDelete list. The filename being in that list doesn't mean the file is still on your PC, odds are it isn't.
Hope that information helps!

Scheduled scans use the application-wide scan settings, so there isn't an option to select specific locations for each scheduled scan.
Within the scan settings, you can add drives or folders to the excluded folders setting, but that option would be used for all scans, scheduled and manual. You can also configure a custom scan to target only specific drives or folders; but only one custom scan can be configured.

Hi,
We do offer a trial of SAS Pro that you could install to ensure it works with your antivirus of choice and will happily issue you a refund within 30 days for any reason,. That being said, we haven't had any reports of problems with Bitdefender so (wait for it...) "I think" it "should" work for you SAS doesn't hook into the system in an aggressive way, which is why we've always been very compatible with other scanners and exceptionally light on system resources.
- Dave
Edit: I missed your question about donations; it's awesome that you want to support our efforts with SAS and hearing that is always a big motivator for us to keep making it a great product. Unfortunately, we can't accept donations - I think it's something to do with our parent company being publicly traded? I'm not sure, I just make software 'round here

Microsoft changed the way programs are supposed to ask for the current Windows version, which (of course) is not backwards compatible with prior versions of Windows. They decided to "freeze" the version that is reported back to the application at Windows 8 if you don't use the new method. Sometimes Microsoft makes unusual decisions. The only thing it affects within SAS is the version display in the log, but we'll get that cleaned up for the next build now that it actually matters
- Dave

Was there a specific error during the upgrade? We've been testing with Win10 for months on the beta builds, but not the upgrade process (since it's only been available for a few days). It's not surprising that completely replacing all system files and registry hives would be problematic for any detection system... I'd say the recommendation to disable anti-virus/malware/spyware tools is warranted here. The good news is it's much easier to disable SUPERAntiSpyware than many other tools; just click on the real-time protection button on the main window and uncheck the real-time enabled option. After the upgrade, re-enable and SAS will work great in Win10.

I don't remember specifically when that check was introduced, but it was somewhat recent, but a few updates ago. Build 1194 could've been it.
I couldn't say why Windows is giving you that error, but it at least confirms that our internal check is consistent with file explorer. It's possible that certificate verification requests are being blocked by a firewall? You might want to download Fiddler web debugger (I don't have the URL handy, but it's a great free tool, google should be able to find it for you); it'll show all of the http requests happening on your system (some of which should be digital cert verifications). It might give you a clue as to why it's not working right...or that might be more than you care to tinker with; it can be confusing to use depending on your technical prowess. Digital certs that don't validate can be a great indicator that something is wrong (virus,etc), when it's working correctly, so I'd make every effort to get that back to functioning on your PC.
At any rate, I'll take a look and see if we can add an option to hide the alert for situations like yours, where the cert validation is permanently broken on a Windows install.

Hi,
So, this was something we added a while back to alert users of a potential virus/hack situation. SUPERAntiSpyware has always been digitally signed with an authenticode signature, but we recently added a check to verify that the digital signature is still valid. If the binary has been altered, it will invalidate the code signing. There are other situations that could cause the digital signature check to fail as well - Windows will use the Internet if it needs to validate the root authority; but that's usually cached. As you stated earlier, there haven't been any other reports of this alert occurring erroneously, so it might be isolated to a problem with your Windows install or an Internet issue?
You can verify the digital signature of SUPERAntiSpyware.exe (or any other signed binary) through Windows file explorer by right-clicking on the file, then selecting properties, select the "Digital Signatures" tab, click on the signature in the list and click the details button. It should say "This digital signature is OK." near the top of the window that opens up. If not, then there's either something wrong with the binary (corrupt/infected) or Windows is not able to verify it (internet issue, disabled service?).
Your other question about the CORE and TRACE rule versions - we stopped displaying the TRACE rule version because (for many years now) we always updated them simultaneously, so it seemed redundant to have another number that was basically meaningless... visual clutter. It's now just listed as "Database Version" at the bottom right corner of the main window.

This isn't the problem. The malware itself is being manually modified, not a SAS program file. What I explained earlier was that if we observe a particular infection that doesn't exist with multiple timestamps on real infected machines (or some other portion of the file for that matter), SAS will use a less exhaustive detection method for that particular infection. This user is simulating a "what if" scenario that our malware researchers haven't found to actually occur for the files in question. It's a valid concern, but rest assured, if we encounter an infection that has random timestamps, we would create an appropriate method to detect that infection.
- Dave

Nah, there's no interconnected user network like that here at SUPERAntiSpyware The concerns from "antispyware" are understandable, but they're misplaced. Some infections do have randomized portions inside the file data, and those infections are detected using more comprehensive methods. "antispyware" is taking a file that is detected with a basic method, and simulating a situation where it is morphing. In reality, though, that infection is not likely to morph on real users machines, so it's not really an "in context" test; which is all we really care about... removing real infections on real users' machines.

SAS uses many methods to detect malware. Sometimes it's a hash of the entire file data, sometimes it's portions of the file content, sometimes it's just the filename. It really depends on if that particular malware is known to morph or if it's always the same. How something is detected affects scan speed, which we try very hard to optimize as it checks against hundreds of thousands of possibilities. We don't detect based on every possible theoretical situation (like a user intentionally modifying a file), we detect on what we observe on legitimate infections.
- Dave
Note: If an existing detection is found to be morphing (like, the timestamp or one of the strings is being manipulated in an automated way), then a static detection will be changed in our database to be a morphing detection to encompass the modifications we have observed. However, just modifying a file on your PC (unless you're also distributing the malware to other users), will not likely trigger our reassessment of the detection.

The Free Edition does include home page protection that runs in the background. This monitors for Internet Explorer's home page being changed. It's a good indication that something is manipulating your system without your permission (even if you don't use Internet Explorer). It will also occasionally check for new program versions and display a notification. If you'd rather not leave it running, you can disable the option from System Tools->Preferences->Run in the background (system tray).

First, open the main program window (double-clicking the desktop icon or the little yellow bug in the system tray on your taskbar).
From there, click on Scheduled Scanning to open the list of your scheduled scans. Select the scheduled scan you wish to modify, then click on the little gear icon that appears to the right. The option "Automatically quarantine and remove threats" is what you want to disable if you wish to see the scan results, rather than letting SUPERAntiSpyware handle them for you. You can also manipulate the scan time from that screen. Click the Save button and you're done

Hi,
Our intent with the free portable scanner was to create a solution to scan an infected PC that had a non-functioning Internet connection. It contains the latest version of our malware database embedded in the installer. The portability comes from having everything it needs included in the package (no updating required). It's not designed to leave no trace of itself; though uninstalling does a fairly complete job; HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com should be removed on uninstall, we'll look into why that's not being removed. The other registry entries you listed after uninstalling are created by Windows/Explorer, not by SAS.
It's not a supported or recommended method of execution to simply run the "extracted" program files without installing them. It will try to restore missing settings, etc. There are a lot of parts to our malware removal system and it doesn't lend itself well to a "hands off" approach. Sometimes the only way to oust insidious malware is to use similar (insidious) techniques like installing drivers, restarting, running a process at startup, etc. The product simply wouldn't be as effective otherwise.
- Dave

I'm curious to know which file(s) are triggering that detection and which security product is detecting it. If you are indeed using the download direct from our site, it is most definitely a false positive; we do not include adware with SUPERAntiSpyware.